SOLR-15317 Handle spaces in principal names (apache#64)

epugh · Apr 9, 2021 · 7ac95ab · 7ac95ab
1 parent adf9e6d
commit 7ac95ab
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 10 deletions.
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
@@ -258,6 +258,8 @@ Bug Fixes
 
 * SOLR-15233: Set doAs param in ConfigurableInternodeAuthHadoopPlugin (Geza Nagy, Jason Gerlowski, Mike Drob)
 
+* SOLR-15317: Correctly handle user principals with whitespace in PKIAuthPlugin (Dominik Dresel, Mike Drob)
+
 ==================  8.9.0 ==================
 
 Consult the LUCENE_CHANGES.txt file for additional, low level, changes in this release.

diff --git a/solr/core/src/java/org/apache/solr/security/PKIAuthenticationPlugin.java b/solr/core/src/java/org/apache/solr/security/PKIAuthenticationPlugin.java
@@ -167,15 +167,15 @@ private static  PKIHeaderData parseCipher(String cipher, PublicKey key) {
       return null;
     }
     String s = new String(bytes, UTF_8).trim();
-    String[] ss = s.split(" ");
-    if (ss.length < 2) {
+    int splitPoint = s.lastIndexOf(' ');
+    if (splitPoint == -1) {
       log.warn("Invalid cipher {} deciphered data {}", cipher, s);
       return null;
     }
     PKIHeaderData headerData = new PKIHeaderData();
     try {
-      headerData.timestamp = Long.parseLong(ss[1]);
-      headerData.userName = ss[0];
+      headerData.timestamp = Long.parseLong(s.substring(splitPoint + 1));
+      headerData.userName = s.substring(0, splitPoint);
       log.debug("Successfully decrypted header {} {}", headerData.userName, headerData.timestamp);
       return headerData;
     } catch (NumberFormatException e) {

diff --git a/solr/core/src/test/org/apache/solr/security/TestPKIAuthenticationPlugin.java b/solr/core/src/test/org/apache/solr/security/TestPKIAuthenticationPlugin.java
@@ -67,6 +67,10 @@ boolean isSolrThread() {
     }
   }
 
+  final AtomicReference<Header> header = new AtomicReference<>();
+  final AtomicReference<ServletRequest> wrappedRequestByFilter = new AtomicReference<>();
+  final FilterChain filterChain = (servletRequest, servletResponse) -> wrappedRequestByFilter.set(servletRequest);
+
   public void test() throws Exception {
     assumeWorkingMockito();
 
@@ -83,22 +87,20 @@ public Principal getUserPrincipal() {
     PublicKey correctKey = CryptoKeys.deserializeX509PublicKey(mock.getPublicKey());
     mock.remoteKeys.put(nodeName, correctKey);
 
-    principal.set(new BasicUserPrincipal("solr"));
+    String username = "solr user"; // with spaces
+    principal.set(new BasicUserPrincipal(username));
     mock.solrRequestInfo = new SolrRequestInfo(localSolrQueryRequest, new SolrQueryResponse());
     BasicHttpRequest request = new BasicHttpRequest("GET", "http://localhost:56565");
     mock.setHeader(request);
-    final AtomicReference<Header> header = new AtomicReference<>();
     header.set(request.getFirstHeader(PKIAuthenticationPlugin.HEADER));
     assertNotNull(header.get());
     assertTrue(header.get().getValue().startsWith(nodeName));
-    final AtomicReference<ServletRequest> wrappedRequestByFilter = new AtomicReference<>();
     HttpServletRequest mockReq = createMockRequest(header);
-    FilterChain filterChain = (servletRequest, servletResponse) -> wrappedRequestByFilter.set(servletRequest);
     mock.authenticate(mockReq, null, filterChain);
 
-    assertNotNull(((HttpServletRequest) wrappedRequestByFilter.get()).getUserPrincipal());
     assertNotNull(wrappedRequestByFilter.get());
-    assertEquals("solr", ((HttpServletRequest) wrappedRequestByFilter.get()).getUserPrincipal().getName());
+    assertNotNull(((HttpServletRequest) wrappedRequestByFilter.get()).getUserPrincipal());
+    assertEquals(username, ((HttpServletRequest) wrappedRequestByFilter.get()).getUserPrincipal().getName());
 
     //test 2
     principal.set(null); // no user